13.10.15
‘Assurance is a bigger challenge for the public sector’
Source: PSE - Oct/Nov 2015
A year ago, PSE reported on the publication of ‘A Guide to Integrated Assurance’ from the Association for Project Management (APM). Now, its authors are looking for case studies from organisations that have used the guide, to help others along the way. PSE caught up with Roy Millard, chair of the APM’s Assurance Specific Interest Group, and a senior audit manager at Transport for London, to find out more.
Assurance is an important discipline within the wider field of project and programme management – according to Roy Millard, it’s just as important as risk management, even if it’s not generally yet seen in those terms.
Millard, one of the authors of ‘A Guide to Integrated Assurance’, told PSE: “The two things go hand-in-hand. You need assurance to ensure your risk management is operating correctly, that you’re defining the right risks, and that the mitigations you’re putting in place are actually being implemented and are effective. Unless you have those mechanisms, you just don’t know whether you’re managing your risk effectively or not.”
Integrated assurance
Millard’s background is in electronic and systems engineering, and more recently in internal audit, having joined Transport for London’s (TfL’s) senior management team in 2002. He is now responsible for auditing TfL’s investment programme and its commercial activities, and looks after the health, safety, environmental and technical audit. He also holds a number of roles with the APM, and recently joined its board.
He helped write the integrated assurance guide, which has had a healthy level of interest since its publication last year – but a number of readers wanted more practical advice on implementing its ideas. So the APM’s Assurance Specific Interest Group (SIG), which Millard chairs, has issued a call for case studies where introduction of an integrated approach has had a measure of success, especially those who followed the guide or some elements of it.
Millard said: “It’s very unlikely we’ll end up with a single case study that covers all aspects, but if we can get a range of case studies, we can use them to illustrate individual elements. It’s very difficult to give any sort of ‘template’ guidance, because every organisation is different, with different assurance pictures, so it’s really quite complicated to do anything too generic.”
Once the SIG has collated the case study submissions, it will write them up in a journal article, followed by a conference in spring next year.
Making the lessons relevant
We asked Millard whether there are case studies from within TfL itself that help illustrate integrated assurance in practice, but he said the organisation’s sheer scale and complexity meant its lessons were less relevant for most organisations that the guidance is aimed at.
He added: “My perception is that assurance is a bigger challenge for the public sector. It tends to have more stakeholders, including both central and local government, because things are done more publicly. Also, the public sector tends to be more risk-averse, so will want more assurance around risks than perhaps the private sector would do. Those are broad generalisations, but that’s my experience.”
Crossrail
Crossrail, a wholly-owned subsidiary of TfL, “has one of the biggest challenges in terms of assurance,” Millard noted, with its vast range of stakeholders, complex funding and governance arrangements, new technologies in use, its cross-London geography and thus political and borough interests. Crossrail has its own internal audit and assurance functions, but ultimately TfL is responsible.
Around the time that construction work was starting, Millard set up the Crossrail Integrated Assurance Group, with input from TfL, Crossrail Ltd, the National Audit Office (NAO), Cabinet Office, Department for Transport and Network Rail.
“It was quite a novel idea at the time,” he said, “but it’s still running very successfully.”
The group has proved a useful, confidential way to share views and assurance information on the project. Millard said: “For example, the NAO are usually very independent and will look at what they want, when they want. But through this mechanism we were able to provide them with confidence that there was a lot of assurance work going on, they were getting visibility of the output from that (in an unofficial way) and it meant it was a lower priority for them to go and do audit work themselves.”
That approach has since been taken up by HS2 Ltd too.
Integrated assurance, although requiring some upfront time and resource commitments, “over the long term should more than pay for itself,” Millard told us. Asked about perceptions of ‘assurance overload’ and overlap, he said: “A lot of it is fallacious and malicious, and doesn’t exist as much as organisations think it does. Once you define the relationships, it becomes clear there isn’t a lot of duplication and conflict, and that the perception is driven by misunderstandings.”